001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.mgt;
020
021import org.apache.shiro.authz.AuthorizationException;
022import org.apache.shiro.cache.CacheManagerAware;
023import org.apache.shiro.event.EventBus;
024import org.apache.shiro.event.EventBusAware;
025import org.apache.shiro.session.Session;
026import org.apache.shiro.session.SessionException;
027import org.apache.shiro.session.mgt.DefaultSessionManager;
028import org.apache.shiro.session.mgt.SessionContext;
029import org.apache.shiro.session.mgt.SessionKey;
030import org.apache.shiro.session.mgt.SessionManager;
031import org.apache.shiro.util.LifecycleUtils;
032
033
034/**
035 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
036 * {@link org.apache.shiro.session.Session session} operations to a wrapped
037 * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance.  That is, this class implements the
038 * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely
039 * passthrough calls to the underlying 'real' {@code SessionManager} instance.
040 * <p/>
041 * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be
042 * implemented by subclasses.
043 * <p/>
044 * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
045 * possible, suitable default instances for all dependencies will be created upon instantiation.
046 *
047 * @since 0.9
048 */
049public abstract class SessionsSecurityManager extends AuthorizingSecurityManager {
050
051    /**
052     * The internal delegate <code>SessionManager</code> used by this security manager that manages all the
053     * application's {@link Session Session}s.
054     */
055    private SessionManager sessionManager;
056
057    /**
058     * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate
059     * instance.
060     */
061    public SessionsSecurityManager() {
062        super();
063        this.sessionManager = new DefaultSessionManager();
064        applyCacheManagerToSessionManager();
065    }
066
067    /**
068     * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's
069     * <tt>SessionManager</tt> method calls.
070     * <p/>
071     * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited
072     * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal
073     * <tt>SessionManager</tt> instance.
074     * <p/>
075     * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and
076     * initialized appropriately for the the existing runtime environment.
077     *
078     * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.
079     */
080    public void setSessionManager(SessionManager sessionManager) {
081        this.sessionManager = sessionManager;
082        afterSessionManagerSet();
083    }
084
085    protected void afterSessionManagerSet() {
086        applyCacheManagerToSessionManager();
087        applyEventBusToSessionManager();
088    }
089
090    /**
091     * Returns this security manager's internal delegate {@link SessionManager SessionManager}.
092     *
093     * @return this security manager's internal delegate {@link SessionManager SessionManager}.
094     * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager
095     */
096    public SessionManager getSessionManager() {
097        return this.sessionManager;
098    }
099
100    /**
101     * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
102     * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
103     * <code>CacheManager</code> is applied to the SessionManager as necessary.
104     */
105    @Override
106    protected void afterCacheManagerSet() {
107        super.afterCacheManagerSet();
108        applyCacheManagerToSessionManager();
109    }
110
111    /**
112     * Sets any configured EventBus on the SessionManager if necessary.
113     *
114     * @since 1.3
115     */
116    @Override
117    protected void afterEventBusSet() {
118        super.afterEventBusSet();
119        applyEventBusToSessionManager();
120    }
121
122    /**
123     * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
124     * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
125     * <p/>
126     * Note:  This implementation only injects the CacheManager into the SessionManager if the SessionManager
127     * instance implements the {@link CacheManagerAware CacheManagerAware} interface.
128     */
129    protected void applyCacheManagerToSessionManager() {
130        if (this.sessionManager instanceof CacheManagerAware) {
131            ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager());
132        }
133    }
134
135    /**
136     * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
137     * {@link #setEventBus EventBus} so it may use it for its internal event needs.
138     * <p/>
139     * Note: This implementation only injects the EventBus into the SessionManager if the SessionManager
140     * instance implements the {@link EventBusAware EventBusAware} interface.
141     *
142     * @since 1.3
143     */
144    protected void applyEventBusToSessionManager() {
145        EventBus eventBus = getEventBus();
146        if (eventBus != null && this.sessionManager instanceof EventBusAware) {
147            ((EventBusAware)this.sessionManager).setEventBus(eventBus);
148        }
149    }
150
151    public Session start(SessionContext context) throws AuthorizationException {
152        return this.sessionManager.start(context);
153    }
154
155    public Session getSession(SessionKey key) throws SessionException {
156        return this.sessionManager.getSession(key);
157    }
158
159    public void destroy() {
160        LifecycleUtils.destroy(getSessionManager());
161        this.sessionManager = null;
162        super.destroy();
163    }
164}